Re: /etc/rc.d/ipsec starts not in time

From: Kostyuk Oleg <cub_at_cub.org.ua>
Date: Sun, 16 Nov 2003 12:10:12 +0200
Hi

>>It is not sufficient.  There is setkey(8) in /usr/sbin.  It means that
>>we cannot protect NFS exported /usr by IPsec.  If there is no
>>objection, I wish to move setkey(8) into /sbin like NetBSD did.
> 
> tlambert2> This type of order inversion is common.
> tlambert2> Can we simply delay exportation until later in the boot process?
> tlambert2> Wouldn't this have the same effect?
> 
> Oops, I should explain the situation clearly.  The client which mounts
> /usr by NFS cannot use IPsec due to lack of setkey(8).

I think, you not exactly understand my problem.

I not export anything, not protect NFS exported /usr and
have ordinary workstation with 40G HD and /usr on it.
Using IPSec - hostorical behavior :), and i live without
problems on 4.x .

But I use NFS exports from others.
And, in case if IPSec used between my mashine and NFS server,
I can't boot smoothly - booting hold up on mounting NFS
until I press Ctrl+C .

Patch, which I send, resolve my problem.
But I not sure - applicable this patch for diskless ?....


I can't recall when problem appear. All life server runs on 4.8.
My mashine will be 4.8 - 5.0 - 5.1 - 5 CURRENT.
Now - kern.osreldate: 501113.

-- 
With best wishes, DIGMA sysadmin
Oleg Kostyuk aka Cub (OK5-UANIC)
[BSD registered user #BSD050664]
Received on Sun Nov 16 2003 - 01:10:28 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:29 UTC